File squid-3.0-9189-bnc637287-CVE-2010-3072.patch of Package squid3

Overview Repositories Revisions Requests Users Attributes Meta

File squid-3.0-9189-bnc637287-CVE-2010-3072.patch of Package squid3

------------------------------------------------------------
revno: 9189
revision-id: amosjeffries@squid-cache.org-20100901075447-forii2klfwibdo1i
parent: amosjeffries@squid-cache.org-20100731142846-lg1oecplw4vwrgo3
committer: Amos Jeffries <amosjeffries@squid-cache.org>
branch nick: SQUID_3_0
timestamp: Wed 2010-09-01 01:54:47 -0600
message:
  Author: Alex Rousskov <rousskov@measurement-factory.com>
  Check for NULL and empty strings before calling str*cmp().
  
  These checks are necessary to ensure consistent comparison results (important
  for sorting and searching) and to avoid segfaults on NULL buffers (because
  termedBuf() may return NULL instead of the expected "0-terminated buffer").
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: amosjeffries@squid-cache.org-20100901075447-\
#   forii2klfwibdo1i
# target_branch: http://www.squid-cache.org/bzr/squid3/branches\
#   /SQUID_3_0/
# testament_sha1: e7f7fabcaa516a40cb0d055e7f7c4624a7d2cf54
# timestamp: 2010-09-01 07:55:26 +0000
# source_branch: http://www.squid-cache.org/bzr/squid3/branches\
#   /SQUID_3_0
# base_revision_id: amosjeffries@squid-cache.org-20100731142846-\
#   lg1oecplw4vwrgo3
# 
# Begin patch
=== modified file 'src/SquidString.h'
--- src/SquidString.h	2008-02-27 17:47:59 +0000
+++ src/SquidString.h	2010-09-01 07:54:47 +0000
@@ -127,6 +127,8 @@
 #endif
 
 private:
+    _SQUID_INLINE_ bool nilCmp(bool, bool, int &) const;
+
     /* never reference these directly! */
     unsigned short int size_; /* buffer size; 64K limit */

=== modified file 'src/String.cci'
--- src/String.cci	2008-06-13 05:13:47 +0000
+++ src/String.cci	2010-09-01 07:54:47 +0000
@@ -73,19 +73,31 @@
     return strrchr(buf(), (ch));
 }
 
+/// compare NULL and empty strings because str*cmp() may fail on NULL strings
+/// and because we need to return consistent results for strncmp(count == 0).
+bool
+String::nilCmp(const bool thisIsNilOrEmpty, const bool otherIsNilOrEmpty, int &result) const
+{
+    if (!thisIsNilOrEmpty && !otherIsNilOrEmpty)
+        return false; // result does not matter
+
+    if (thisIsNilOrEmpty && otherIsNilOrEmpty)
+        result = 0;
+    else if (thisIsNilOrEmpty)
+        result = -1;
+    else // otherIsNilOrEmpty
+        result = +1;
+
+    return true;
+}
+
+
 int
 String::cmp (char const *aString) const
 {
-    /* strcmp fails on NULLS */
-
-    if (size() == 0 && (aString == NULL || aString[0] == '\0'))
-        return 0;
-
-    if (size() == 0)
-        return -1;
-
-    if (aString == NULL || aString[0] == '\0')
-        return 1;
+    int result = 0;
+    if (nilCmp(!size(), (!aString || !*aString), result))
+        return result;
 
     return strcmp(buf(), aString);
 }
@@ -93,19 +105,9 @@
 int
 String::cmp (char const *aString, size_t count) const
 {
-    /* always the same at length 0 */
-
-    if (count == 0)
-        return 0;
-
-    if (size() == 0 && (aString == NULL || aString[0] == '\0'))
-        return 0;
-
-    if (size() == 0)
-        return -1;
-
-    if (aString == NULL || aString[0] == '\0')
-        return 1;
+    int result = 0;
+    if (nilCmp((!size() || !count), (!aString || !*aString || !count), result))
+        return result;
 
     return strncmp(buf(), aString, count);
 }
@@ -113,16 +115,9 @@
 int
 String::cmp (String const &aString) const
 {
-    /* strcmp fails on NULLS */
-
-    if (size() == 0 && aString.size() == 0)
-        return 0;
-
-    if (size() == 0)
-        return -1;
-
-    if (aString.size() == 0)
-        return 1;
+    int result = 0;
+    if (nilCmp(!size(), !aString.size(), result))
+        return result;
 
     return strcmp(buf(), aString.buf());
 }
@@ -130,12 +125,20 @@
 int
 String::caseCmp(char const *aString) const
 {
+    int result = 0;
+    if (nilCmp(!size(), (!aString || !*aString), result))
+        return result;
+
     return strcasecmp(buf(), aString);
 }
 
 int
 String::caseCmp(char const *aString, size_t count) const
 {
+    int result = 0;
+    if (nilCmp((!size() || !count), (!aString || !*aString || !count), result))
+        return result;
+
     return strncasecmp(buf(), aString, count);
 }

Places

File squid-3.0-9189-bnc637287-CVE-2010-3072.patch of Package squid3

Places